IET Communications

Research Article

Improved intrusion detection method for ISSN 1751-8628

Received on 10th May 2019
Revised 17th September 2019
communication networks using association Accepted on 10th February 2020
E-First on 25th March 2020
rule mining and artificial neural networks doi: 10.1049/iet-com.2019.0502
www.ietdl.org

Fatemeh Safara1, Alireza Souri2 , Masoud Serrizadeh1

1Department of Computer Engineering, Islamshahr Branch, Islamic Azad University, Islamshahr, Iran
2Young Researchers and Elite Club, Islamshahr Branch, Islamic Azad University, Islamshahr, Iran
E-mail: [email protected]

Abstract: Nowadays, detecting anomaly events in communication networks is highly under consideration by many researchers.
In a large communication network, traffic is massive, which leads to a larger amount of data travelling and also the growth of
noise. Therefore, to extract meaningful data for anomaly detection would be very challenging. Each attack has its own
behaviour that determines the type of attack. However, some attacks may have similar behaviours and only differ in some
features. Extracting such meaningful features is of special importance. In this study, an association rule mining algorithm, in
particular, the Apriori algorithm is employed to extract appropriate features from the raw data including rules and repetitive
patterns. The extracted features would be used then for classifying the data and detecting anomalies in communication
networks. A hybrid of artificial neural network and AdaBoost classification algorithms are employed for classifying the detected
events with normal behaviour and attack events. The proposed method is compared with previous methods reported in this field
such as CART, CHAID, multiple linear regression and logistic regression on KDDCUP99 data set. The results showed that the
proposed method outperformed other classifiers examined. The strategy of reinforcement learning is used to combine the
classifier's results which is based on Max vote strategy.

1 Introduction algorithms are employed to categorise the detected events into

Intrusions can cause enormous economic damages in
communication networks and service computations in cyberspaces
[1]. Intrusion is considered as a process that cracks the reliability,
privacy and availability of an online resource [2]. Intrusion
detection systems provide an ability to identify abnormal behaviour
when an intruder breaks the security system of a communication
network and intends to abnormally access the network. Although
intrusion cannot be prevented completely, it is necessary to
automatically analyse the behaviours of consumers and prevent
interfering behaviours [3]. Usually, the vulnerability of a system is
because of weaknesses in its software security and also can be
originated from the configuration structure of the network for
controlling the access to the information of the network. Generally,
intrusion detection methods can be categorised into two main
branches: detecting misuses and detecting anomalies. In misuse
detection methods, known intrusion patterns are used to detect
unknown intrusions, while in anomaly detection method, the
normal activity of users is used as the criterion of action [4] or
some features are extracted from the data to make a model for
intrusion [5]. Then, the model would be used to detect intrusions.
Data mining comprises of several algorithms and methods
considered for distinguishing unknown patterns in the huge data
sets [6]. Classification, as one of the important supervised learning
approaches, can be used to detect the intrusions in communication
networks.
To support a privacy-aware and high secure environment in the
communication networks, it is important to determine which of the
transferred data are normal and which are destructive. To support
the privacy and security levels of the network environment and
high-performance classification for the intrusion detection, a
hybrid association rules mining and classification method is taken
into attention, in this paper. To select an appropriate feature for
classification, Apriori algorithm is proposed. First, association
rules are extracted using Apriori algorithm, and then proper
features are determined based on the rules extracted. A hybrid
artificial neural network (ANN) and AdaBoost classification
normal behaviour and attacks in communication networks.
The rest of this research is organised as follows. Section 2
presents related works. In Section 3, Apriori algorithm and the
proposed hybrid classification method are explained. Section 4
shows the obtained and experimental simulation results. The paper
is concluded in Section 5 with some directions for the future.
2 Related works
In this section, some of the recent studies on improving the
effectiveness of intrusion detection systems in communication
networks are presented. Keegan et al. [7] presented a survey on the
intrusion detection approaches in cloud computing. The analytical
results have compared the machine learning methods for evaluating
detection approaches.
In other research [8], the authors have proposed a security-
based methodology for attack detection in the industrial cyber
physical systems using data mining. The proposed ensemble
classification technique is used that it has outperformed the other
classification algorithms.
Deng et al. [9] presented a mobile IoT-based intrusion detection
using a single feature selection method in the KDDCUP99 data set.
In another study, Zhang et al. [10] have proposed a cluster-based
machine learning method for multi-layer intrusion detection
approach in the hybrid networks. The authors have increased the
detection probability on the signal processing hybrid networks
based on energy range feature selection technique.
Ahmad et al. [1] presented an extreme learning mechanism to
classify the traffic of data for intrusion detection. The presented
mechanism has been compared with other algorithms by applying
on KDDCUP99 data set.
Bala et al. [11] proposed a routing-based intrusion detection
method in the traffic analysis of the mobile ad hoc networks. The
authors have applied network information theory to evaluate
throughput and packet delivery factors for the proposed method.
Ertam and Yaman [3] proposed a machine learning evaluation
method on the KDDCUP99 data set using the Naive Bayes
algorithm in the Weka simulation environment.

IET Commun., 2020, Vol. 14 Iss. 7, pp. 1192-1197 1192

© The Institution of Engineering and Technology 2020

Fig. 1  Flowchart of the proposed method
José et al. in 2015 and Park et al. [12] used the random forest
classification method for protecting malwares in the intrusion
detection system. The proposed method in the research is based on
two general operators: ordered weighted feature selection on the
Kyoto 2006 + data set and label segmentation method on the final
normalised attributes.
Taher et al. [13] presented a hybrid classification method based
on ANN and support vector machine algorithms to predict
intrusion error in the networks traffic data.
Finally, Riyaz and Ganapathy [14] combined supervised
learning methods, the classification method and fuzzy-based
feature selection method, for the intrusion detection system. They
applied the proposed method on the NSL-KDD data set. The
experimental results showed that the proposed fuzzy-feature
selection has better classification results than other classification
algorithms.
3 Proposed method
In this section, the proposed association rule mining is described.
Then, the proposed classification algorithms are presented.
The flowchart of the proposed data mining method is illustrated
in Fig. 1. According to the flowchart, the process of detecting
intrusions in communication network proposed in this paper is as
follows. First, a general preprocessing is taken place on the data.
By the preprocessing, the outliers are removed and missing values
are filled. Then, using a popular association rule mining method,
Apriori algorithm, a set of repetitive rules and patterns are
extracted from the data set as features. After that, the extracted
features are sent to the next step for creating and evaluation model.
The data is divided into train data and test data. Train data is used
for creating the model and test data is used for evaluating the
proposed method for detecting intrusions from newly entered
IET Commun., 2020, Vol. 14 Iss. 7, pp. 1192-1197
© The Institution of Engineering and Technology 2020
samples. AdaBoost and neural network algorithm are applied on
the data set to create and test model. Then, the voting strategy is
followed to determine the final results.
A hybrid boosting of AdaBoost and neural networks algorithms
are developed to detect intrusions in a communication network.
The most important goal of boosting data is to combine the results
of two or more classifiers and extract the best response. In the
following, we describe the proposed algorithm in detail.
3.1 Feature selection through apriori algorithm
Existence of unbalanced classes in data mining and classification
has become one of the biggest challenges in this field [15].
Unbalanced data set usually means a data set in which the number
of samples representing one class is different from the number of
samples in other classes. This issue causes the classification
algorithm to be bias on a particular class. This problem has been
regularly seen in real applications such as remote sensing, pollution
detection, risk management, fraud detection and especially medical
diagnosis [16]. Several approaches have been proposed for solving
problems related to unbalanced data sets, which can be categorised
in three different batches as follows: (i) approaches at the algorithm
level, (ii) approaches at data level, (iii) cost-sensitive learning
framework. In this article, the first approach is taken into account.
A popular algorithm of association rule mining, Apriori algorithm
is used for feature selection. Association rule mining is a technique
to discover how features are associated with each other. Therefore,
features that have considerable association with each other could
be determined to feed into the classification phase.
Apriori algorithm has several parameters; among them three
parameters which are commonly used are considered in this paper
for feature selection:
(i) Min Support: this parameter shows the minimum value that a set
of features must have to be considered as an optimal and preferable
rule. In other words, samples which have a probability of greater or
equal to this parameter will be considered as regular rules.
(ii) Max-Support: This parameter shows the maximum value of
probability. A sample can be a regular rule with 100% probability.
(iii) Confidence: This parameter is the frequency of the if-then
rules which are found true.
The main goal of the Apriori algorithm is to generate associative
rules to probe KDDCUP99 data set and finally extract important
rules which are repeating rule in fact. Each extracted rule contains
some of the features of KDDCUP99. In addition, each rule has a
confidence level. According to the confidence level, the optimal
rules would be extracted. In other words, the more the confidence
level of a rule, the more is the importance of a feature. Fig. 2
illustrates a part of the rules extracted by Apriori Algorithm.
Some of the most important rules with a confidence level >90%
are shown in Fig. 2. The symbol | indicates nested-if for each law.
The output of any rule is either 0 or 1. The normal instance is
represented by 0 and attack instance is represented by 1. Therefore,
the Apriori algorithm employed in this paper, which receives the
complete KDDCUP99 data set and extracts a set of rules based on
MinSup, MaxSup and Confidence. After running the Apriori
algorithm, the following properties are extracted: Duration,
src_bytes, dst_bytes, count, srv_count, serror_rate, srv_serror_rate,
same_srv_rate, diff_srv_rate and dst_host_srv_rerror_rate. These
features are fed into the classifier phase to be used for detecting
intrusions.
3.2 Hybrid of Adaboost and ANN for classification
The proposed classification method is a hybrid of the most popular
classification methods namely neural network and Adaboost, to
detect the abnormal behaviours of intruders. In order to create a
classification model to operate on training data, it would be
necessary to separate the train and test data. In this paper, 70% of
data is used for training and the rest 30% of data is dedicated to the
test. Training data is used to train the proposed algorithm and
create model and testing samples is used for evaluating the
1193

Fig. 2  Sample of association rules generated by Apriori algorithm
Table 1 Specification of the system used for simulation and
evaluation of the results
Hardware/software Characteristics
operating system Windows 7
RAM memory 4 Gigabytes - 3.06 Gig usable
processor intel processor (Core™)i7 CPU-Q 720 @ 1.60 
GHz
modelling toolkit rapid miner software
proposed method. Then the results would be compared with that of
the other machine learning methods. The results of the above
methods are combined with each other and in every learning
iteration the best answer is selected and the final result is
determined.
The strategy of reinforcement learning is used to combine the
classifier's results which is based on Max vote strategy. Suppose an
instance, features extracted by Apriori algorithm for one record of
the data set, that is an attack (Class = 1) is logged into the vote
system. ANN and Adaboost are working on the instance separately.
Suppose ANN recognises the entered instance as an attack (Class  and evaluate its results are illustrated.
= 1). The same example is identified by the Adaboost algorithm as
an attack. Given that both algorithms have identified the target
sample as ‘1’ and the strategy of the vote-based system is Max, the
final answer will be ‘1’. In the other case, if both algorithms in the
vote system identify the sample entered as ‘0’, then the output will
be ‘0’. In the final case, if one sample algorithm detects ‘1’ and the
other identifies the imported sample ‘0’, the decision is most
difficult. In the proposed vote system, a penalty would be imposed
if an algorithm in the classification had errors, otherwise, the
algorithm would be rewarded. Therefore, if one algorithm
identifies a value of ‘0’ and the other one identifies a value of ‘1’,
then the response of the algorithm that receives the most rewards is
considered as the final answer.
Different voting methods are employed in previous studies such
as weighted sum and median, product [16]. In this paper, the
weighted sum is used for voting. In the next section, the results
obtained by the proposed method would be compared with that of
other methods.
1194
3.3 Evaluation criteria
In this article, accuracy, precision, recall and mean square error
(MSE) are used for evaluating the proposed method and comparing
it with other methods. The criteria are defined as follows [17]:
TP + TN
Accuracy = (1)
TP + TN + FP + FN
TP
Precision = (2)
TP + FP
The above equation is used to evaluate the correctness of the
proposed method. The TP parameter represents the number of
anomalies that are correctly detected. The FP parameter represents
the number of samples which actually were not anomalies but the
proposed model has detected them as anomalies [18]
TP
Recall = (3)
TP + FN
Equation (3) expresses the number of times which the proposed
method was called and the FN parameter represents the number of
samples which were not anomalies and are identified correctly.
The classification error of the proposed method is calculated
based on the following equation [19]
TP + TN
Error = 100 − (4)
TP + TN + FP + FN
The TN represents the number of samples that are anomalies and
are determined as non-anomalies.
Also, the following equation is used to calculate the average
real MSE [19]
MSE = Mean Error∧2 (5)
The following equation is used to calculate the root MSE (RMSE)
RMSE = Sqr Error (6)
4 Experimental results
In this section, the evaluation results of classification algorithms
are illustrated using Rapid miner software. Our proposed algorithm
is compared with some well-known classification algorithms in
previous studies, including CHAID, CART, multiple linear
regression and logistic regression. In Table 1, the characteristics of
the system which has been used to implement the proposed method
4.1 Data set
KDDCUP99 data set is one of the popular data sets for evaluating
intrusion detection algorithms. It is compiled in a United States Air
Force data set. KDDCUP99 data set composed of 42 features, from
which 41 features are used to describe each intrusion and the 42nd
features is a label representing the type of intrusion. The names of
features and type of each of the features are illustrated in Table 2.
Value for each of the features could be discrete or continuous that
represented as Dis and Con, respectively.
4.2 Comparing proposed method with four other methods
The training data which is 70% of the whole data set will be used
for training and generating model, and validation data which is
30% of the whole data will be used for assessing the model
generated. Then ANN and AdaBoost are applied to create models.
The models are tested with test data, which is unseen data.
Therefore, each model in the proposed algorithm has its own
output which expresses its prediction. Finally, voting is performed
to select the best results of the two classifiers as the final results for
detecting anomalies.
IET Commun., 2020, Vol. 14 Iss. 7, pp. 1192-1197
© The Institution of Engineering and Technology 2020
Table 2 KDDCUP99 features
Type Feature name Row Type Feature name Row
Dis is_guest_login 22 Con duration 1
Con count 23 Dis protocol_type 2
Con srv_count 24 Dis service 3
Con serror_rate 25 Dis flag 4
Con srv_serror_rate 26 Con src_bytes 5
Con rerror_rate 27 Con dst_bytes 6
Con srv_rerror_rate 28 Dis land 7
Con same_srv_rate 29 Con wrong_fragment 8
Con diff_srv_rate 30 Con urgent 9
Con srv_diff_host_rate 31 Con hot 10
Con dst_host_count 32 Con num_failed_logins 11
Con dst_host_srv_count 33 Dis logged_in 12
Con dst_host_same_srv_rate 34 Con num_compromised 13
Con dst_host_diff_srv_rate 35 Con root_shell 14
Con dst_host_same_src_port_rate 36 Con su_attempted 15
Con dst_host_srv_diff_host_rate 37 Con num_root 16
Con dst_host_serror_rate 38 Con num_file_creations 17
Con dst_host_srv_serror_rate 39 Con num_shells 18
Con dst_host_rerror_rate 40 Con num_access_files 19
Con dst_host_srv_rerror_rate 41 Con num_outbound_cmds 20
Dis Class 42 Dis is_host_login 21

Fig. 3  Comparing the precision of the proposed method with other
methods
Fig. 4  Comparing the recall of the proposed method with other methods
The same training and testing process are also performed for
four other classifiers CART [20], CHAID [21], Linear regression
[15], and logistic regression [22] to compare the result and approve
the better results achieved by the propped hybrid method.
In Fig. 3, the precision of the proposed method is compared
with other methods.
Fig. 5  Comparing the error of the proposed method with other methods
Precision and recall of the proposed method are compared with
that of four other machine learning method which are from the
popular machine learning methods. The proposed method is
outperformed the other methods with 99.55% precision for
predicting intrusions in communication networks.
Also, Fig. 4 presents recall of the proposed algorithm and other
algorithms in the applied data set with 95% for detecting intrusions
in the communication networks. It confirms that most intrusions
are successfully captured.
In Fig. 5, the classification error of the proposed method is
compared to that of other methods mentioned above.
In the proposed method, the value of error in detecting attacks
in every 100 cases is only 0.45% of error, which is an acceptable
error, particularly in compare with the error of other classification
algorithms examined.
The RMSE of the proposed method is shown in Fig. 6, and
because it has a direct relation with the error of the proposed
method, finally it represents the sum of generated errors in the
proposed method.
Owing to the importance of the subject, the proposed method is
tested with over five popular data sets and evaluated by its
precision, recall, classification error and RMSEs, after which the
results are analysed as mentioned below.

IET Commun., 2020, Vol. 14 Iss. 7, pp. 1192-1197 1195

© The Institution of Engineering and Technology 2020
Fig. 6  Comparing  RMSE in the proposed method with other methods
Fig. 7  Comparing the accuracy of the proposed method on DARPA, Botnet
and DDoS data sets
Fig. 8  Comparing the execution time of the proposed method on DARPA,
Botnet and DDoS data sets
4.3 Evaluation of the results of the proposed hybrid method
on different data sets
This section examines the performance of the proposed hybrid
method on different data sets and demonstrates that the proposed
method works correctly on them. First, the results achieved on
three commonly used intrusion detection data sets which includes:
DARPA [23] BotNet and DDoS are compared [24]. Fig. 7 shows
the accuracy value for classifying the existing data sets using the
proposed method and other classification algorithms.
Also, Fig. 8 shows execution time for classification methods
according to each data set. Our proposed method has the minimum
execution time to classify existing data sets.
In order to generalise the results achieved by using Apriori
algorithm for feature selection and combining Adaboost and neural
network, the method is examined on five other data sets. These
data sets are used to compare machine learning and, in particular,
meta-heuristic algorithms used for software development problems
1196
Fig. 9  Comparing the precision of the proposed method with other
methods using different data sets
Fig. 10  Comparing the recall of the proposed method on different data
sets
[25]. Albrecht [26], Desharnais [27], Kemerer [28], Maxwell [29]
and Nasa [30] data sets.
Fig. 9, presents the precision of applying the proposed
algorithm and AdaBoost and neural network algorithm individually
on five different data sets.
In Fig. 10, the recall evaluations for three algorithms are
presented according to various data sets.
In Fig. 11, the error value of the proposed method and other
methods over different data sets is presented.
As can be observed from Fig. 11, the error of the proposed
method over different data sets is lower than that of other methods.
In Fig. 12, the value of RMSE in the proposed method over
different data sets is preferred.
5 Conclusion
Nowadays communication networks are used in many different
applications. In these networks, there are problems, challenges, and
risks that cause disorder in network procedure and its application.
The most important challenge that researches have is the attacks of
intruders using different types of attacks to communication
networks, datacenters, domain name servers etc. In this research,
an association rule extraction method, Apriori algorithm is used to
extract features from the intrusion detection data sets. The
proposed method of detecting attacks is the hybrid model
composing of AdaBoost and ANN algorithms. The final results
IET Commun., 2020, Vol. 14 Iss. 7, pp. 1192-1197
© The Institution of Engineering and Technology 2020

Fig. 11  Comparing the error of the proposed method with other methods
over different data sets
Fig. 12  Comparing the RMSE of the proposed method with other methods
over different data sets
from two algorithms are obtained by reinforcement learning
method. According to simulation results of the proposed method
presented, the proposed method outperformed the other machine
learning methods examined such as CHAID, Cart, linear regression
and logistic regression. In future work, some dynamic attacks can
be used for evaluating the intrusion detection method based on
machine learning algorithms with optimum feature selection
methods.
6 References
[1] Ahmad, I., Basheri, M., Iqbal, M.J., et al.: ‘Performance comparison of
support vector machine, random forest, and extreme learning machine for
intrusion detection’, IEEE. Access., 2018, 6, pp. 33789–33795
[2] Arshad, J., Azad, M.A., Jokhio, I.A., et al.: ‘Intrusion damage assessment for
multi-stage attacks for clouds’, IET Commun., 2013, 7, pp. 1304–1315
[3] Ertam, F., Yaman, O.: ‘Intrusion detection in computer networks via machine
learning algorithms’. 2017 Int. Artificial Intelligence and Data Processing
Symp. (IDAP), Turkey, 2017, pp. 1–4
[4] Mohammadi, S., Mirvaziri, H., Ghazizadeh-Ahsaee, M., et al.: ‘Cyber
intrusion detection by combined feature selection algorithm’, J. Inf. Secur.
Appl., 2019, 44, pp. 80–88
[5] Koc, L., Mazzuchi, T.A., Sarkani, S.: ‘A network intrusion detection system
based on a hidden naïve Bayes multiclass classifier’, Expert Syst. Appl., 2012,
39, pp. 13492–13500
IET Commun., 2020, Vol. 14 Iss. 7, pp. 1192-1197
© The Institution of Engineering and Technology 2020
[6] Çalişkan, A., Çevik, U.: ‘An efficient noisy pixels detection model for CT
images using extreme learning machines’, Tehnički vjesnik, 2018, 25, pp.
679–686
[7] Keegan, N., Ji, S.-Y., Chaudhary, A., et al.: ‘A survey of cloud-based network
intrusion detection analysis’, Human-centric Comput. Inf. Sci., 2016, 6, p. 19
[8] Ramotsoela, D.T., Hancke, G.P., Abu-Mahfouz, A.M.: ‘Attack detection in
water distribution systems using machine learning’, Human-centric Comput.
Inf. Sci., 2019, 9, p. 13
[9] Deng, L., Li, D., Yao, X., et al.: ‘Mobile network intrusion detection for IoT
system based on transfer learning algorithm’, Cluster Comput., 2019, 22, pp.
9889–9904
[10] Zhang, K., Shen, C., Wang, H., et al.: ‘Cluster computing data mining based
on massive intrusion interference constraints in hybrid networks’, Cluster
Comput., 2019, 22, pp. 7481–7489
[11] Bala, K., Jothi, S., Chandrasekar, A.: ‘An enhanced intrusion detection system
for mobile ad-hoc network based on traffic analysis’, Cluster Comput., 2019,
22, pp. 15205–15212
[12] Park, K., Song, Y., Cheong, Y.: ‘Classification of attack types for intrusion
detection systems using a machine learning algorithm’. 2018 IEEE Fourth Int.
Conf. on Big Data Computing Service and Applications (BigDataService),
Germany, 2018, pp. 282–286
[13] Taher, K.A., Jisan, B.M.Y., Rahman, M.M.: ‘Network intrusion detection
using supervised machine learning technique with feature selection’. 2019 Int.
Conf. on Robotics, Electrical and Signal Processing Techniques (ICREST),
Bangladesh, 2019, pp. 643–646
[14] Riyaz, B., Ganapathy, S.: ‘An intelligent fuzzy rule based feature selection for
effective intrusion detection’. 2018 Int. Conf. on Recent Trends in Advance
Computing (ICRTAC), India, 2018, pp. 206–211
[15] Souri, A., Hosseini, R.: ‘A state-of-the-art survey of malware detection
approaches using data mining techniques’, Human-centric Comput. Inf. Sci.,
2018, 8, p. 3
[16] Mikhail, J.W., Fossaceca, J.M., Iammartino, R.: ‘A semi-boosted nested
model with sensitivity-based weighted binarization for multi-domain network
intrusion detection’, ACM Trans. Intell. Syst. Technol. (TIST), 2019, 10, p. 28
[17] Salo, F., Injadat, M., Nassif, A.B., et al.: ‘Data mining techniques in intrusion
detection systems: a systematic literature review’, IEEE. Access., 2018, 6, pp.
56046–56058
[18] Souri, A., Hosseinpour, S., Rahmani, A.M.: ‘Personality classification based
on profiles of social networks’ users and the five-factor model of personality’,
Human-centric Comput. Inf. Sci., 2018, 8, p. 24
[19] Leu, F., Tsai, K., Hsiao, Y., et al.: ‘An internal intrusion detection and
protection system by using data mining and forensic techniques’, IEEE Syst.
J., 2017, 11, pp. 427–438
[20] Xu, Y., Wang, D., Zhang, W., et al.: ‘Detection of ventricular tachycardia and
fibrillation using adaptive variational mode decomposition and boosted-
CART classifier’, Biomed. Signal Process. Control, 2018, 39, pp. 219–229
[21] Elsayad, A.M., Al-Dhaifallah, M., Nassef, A.M.: ‘Analysis and diagnosis of
Erythemato-Squamous diseases using CHAID decision trees’. 2018 15th Int.
Multi-Conf. on Systems, Signals & Devices (SSD), Tunisia, 2018, pp. 252–
262
[22] Norouzi, M., Souri, A., Zamini, M.S.: ‘A data mining classification approach
for behavioral malware detection’, J. Comput. Netw. Commun., 2016, 2016, p.
pp. 1–9
[23] Sharafaldin, I., Gharib, A., Lashkari, A.H., et al.: ‘Towards a reliable
intrusion detection benchmark dataset’, Softw. Netw., 2018, 2018, pp. 177–
200
[24] Khanchi, S., Vahdat, A., Heywood, M.I., et al.: ‘On botnet detection with
genetic programming under streaming data label budgets and class
imbalance’, Swarm. Evol. Comput., 2018, 39, pp. 123–140
[25] Bosu, M.F., Macdonell, S.G.: ‘Experience: quality benchmarking of datasets
used in software effort estimation’, J. Data Inf. Quality (JDIQ), 2019, 11, p.
19
[26] Brezočnik, L., Fister, I., Podgorelec, V.: ‘Solving Agile software development
problems with swarm intelligence algorithms’. Int. Conf. ‘New Technologies,
Development and Applications’, Bosnia and Herzegovina, 2019, pp. 298–309
[27] Shukla, S., Kumar, S., Bal, P.R.: ‘Analyzing effect of ensemble models on
multi-layer perceptron network for software effort estimation’. 2019 IEEE
World Congress on Services (SERVICES), Italy, 2019, pp. 386–387
[28] Benala, T.R., Mall, R.: ‘DABE: differential evolution in analogy-based
software development effort estimation’, Swarm. Evol. Comput., 2018, 38, pp.
158–172
[29] Choo-Wosoba, H., Datta, S.: ‘Analyzing clustered count data with a cluster-
specific random effect zero-inflated Conway–Maxwell–Poisson distribution’,
J. Appl. Stat., 2018, 45, pp. 799–814
[30] Galvez, R., Fouhey, D.F., Jin, M., et al.: ‘A machine-learning data set
prepared from the NASA solar dynamics observatory mission’, Astrophys. J.
Suppl. Ser., 2019, 242, p. 7
1197